The Necessity for Technology Due Diligence in Mergers and Acquisitions


Technology due diligence frequently doesn’t get enough attention when selling a business.  Almost every company uses technology to operate in 2024.  Technical debt can be serious and costly to correct.  It can also be a very unwelcome surprise for anyone acquiring a business.

The Big Why

Poorly executed technology plans can cost businesses millions.  If the company being bought or sold has legacy systems, it can create significant challenges.  It may be difficult to operate across disparate platforms or get accurate reporting.  Operational inefficiencies or other challenges could be a result.  It may also make it impossible to unite two companies technologically without a complete overhaul and significant expense.

The associated risk is significant, and it’s frequently overlooked when the merging companies are not technology companies.  This is especially true in regulated industries such as healthcare and finance, where specific security compliance requirements must be met.

What to Look For

There are a lot of things that you should look at as part of your technology due diligence.  This is not a complete list, but rather a few of the major areas that should be examined.

  • Review IT Infrastructure – This is typically the core network equipment such as firewalls, switching, and servers at all locations.  What hardware is it?  How is everything connected currently?  Does the data live locally on servers, or is it in the cloud?  What is the current security and supportability of the network infrastructure?  What would it take to integrate systems?
  • Hardware and Software Inventory – It’s also quite helpful to have a complete inventory of all the hardware and software currently in use.  This allows you to better understand the scope and identify any hardware or software that may not be up to standards or require replacement.
  • Current Management – Who is managing IT currently?  Is there an in-house IT team?  Does a third party provide IT services?  Can the current support solution scale to meet the needs of the acquisition?  Would teams and systems need to be merged for a successful IT solution?
  • Security Solutions and Procedures – We recommend that you do a complete review of the security solutions currently in place.  What software or tools are being used?  Do current security measures meet the needs of the combined entity?  Where are there gaps in security?  If this is a regulated industry, are they currently meeting regulatory requirements?  If not, what would it take to get them there?  In 2024 this is one of the areas that can present the most risk and should be examined closely.
  • Integration Cost Benefit Analysis – Once you have an idea of what systems are in place for all parties involved, some thought should be given to how the various networks can be combined.  Is there a way to integrate software?  Do we need to migrate all users on one side to the software used by the larger entity?  Based on functionality and scalability, is that the best solution for all parties?  Think through the direction you would likely want to go as a combined entity and evaluate the cost of getting there.
  • Maintenance Plan – What is the company’s current maintenance plan?  When do patches and updates get applied?  Has the current plan been effective at keeping them up to date as an organization?  Does poor maintenance hygiene represent a risk?  What tools or automation would you need to get this in a better spot?
  • Written Policies – Many companies have very little in the way of written policies when it comes to managing technology.  You should be looking for policies that cover a range of topics from acceptable use to data privacy, to incident response and IT asset disposal.  Again, this isn’t a complete list, but having appropriate policies in place that your entire team has reviewed and agreed to is important when evaluating risk.

Gathering Data

The process of gathering all the data necessary to do quality technology due diligence is significant.  It will take quite a bit of time and effort, and as a result it can be tempting for M&A teams to skip steps in the process.

Don’t do it.  There is frequently a high correlation between quality systems for IT and cybersecurity and excellence in operations in general.  Technology due diligence ensures that you are aware of all potential risks.  It also will help to inform your opinion on the company.

Help is Available

Some of the discussions when doing technology due diligence can be highly technical.  They may require an expert who knows the right questions to ask and can assist in interpreting the data collected.  There are some software solutions available that can make this process simpler.  The professionals at i.t.NOW also stand ready to help.  We can evaluate your IT systems and give you a complete technical report along with our recommendations.  Call us today for a free consultation.

Photo by RDNE Stock project: https://www.pexels.com/photo/name-plate-on-a-desk-with-a-humorous-message-7845309/